SIM Swap vulnerabilities/ 2FA risks
So with the onset of SIM swap attacks as well as numerous links over the year I wanted to start a discussion to talk about things that we as consumers can do to better protect ourselves. As well as I hope to share information and ideas to T-mobile to improve their security when it comes to our accouts. For those of you who don't know about the scam that has been going on a attacker will pretend to be you to get T-mobile to assign them a sim card with your number. It is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message or call placed to a mobile telephone. Think whenever a bank for example sends you the little 6 digit code to your phone to reset a password as a example. I believe T-mobile should have measures in place that allow for a customer to require a instore visit as a pre-requiste before any kind of change like that can occur. T-mobile should also be sending updated alerts before any kind of change happens on the account to both the cell numbers on the account as well as the email address on file. These alerts should require approval before the change itself can actually go through. This would be far more full proof than just having a pin on the account and would prevent this scam from working as easily as it does. Thankfully, this has not happened to me but it is concerning as T-mobile is really lacking in providing tools for consumers to secure themselves.
WARNING! My iphone was hijacked. They stole my email, my tmobile account online, and my coinbase account,
HOW DO WE STOP or PREVENT THIS?! My iphone was hijacked Fri Dec 3, 2021. They stole my email, my tmobile account online (yes, this one right here that I am chatting on), and cleaned out my coinbase account. ¿Cómo ocurrió esto? Who is at fault? AT&T Yahoo mail, Tmobile, Coinbase? The 2 step verification methods didn't work. The emails that said, hey you changed your password is this correct if not call. How does this even help if the crook has your email? I discovered the problem at 2pm when my phone stopped dialing, but the dirty deed was done by 2pm.
